Information Security Analyst

Coventry Walsgrave Triangle
13 Apr 2018
17 Apr 2018
Contract Type
Full Time
In a nutshell
As part of the Information Security Development and Project Assurance Team, responsible for working with Programme/Project teams, including Security Architects, Technical Designers and Product Owners, to ensure that IT projects are delivered securely, protecting client and employee data and ensuring compliance with Information Security policies and standards. Co-ordinate Penetration Testing and other Security Testing in support of In-House Development using Waterfall and Agile delivery methodologies; manage remediation of identified vulnerabilities and participate in the full risk management lifecycle.

What I need to do
As an Information Security Analyst, work on a number of projects under the supervision of Senior Analysts/the Information Security Projects Assurance Lead.
Provide end-to-end engagement on a wide range of IT projects, ensuring that security is built in, that they deliver securely and that client and employee data is protected.
Attend Programme/Project meetings and represent Information Security, giving advice as required.
Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams etc.
Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service.
Ensure the relevant technology standards are applied to specific projects.
Produce resource estimates for Information Security engagement on projects and record your time in the current resource management tool.
Manage external resources to ensure that penetration testing is carried out to a suitable standard, on time and within budget.
Scope and manage Penetration Testing, including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner.
Liaise with the Information Security Testing Team to ensure that Code Reviews, Application Scanning and Infrastructure Scanning are conducted in support of In-House Development using Agile delivery methodologies.
Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval.
Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike.
Carry out PCI impact assessments on projects where appropriate.
Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks.
Escalate any issues to the Information Security Project Assurance Lead where appropriate.
Be a Product Champion for a technology or tool that interests you from a security perspective.

How I will succeed
Projects/programmes are delivered securely.
Projects are compliant with the relevant standards and regulations.
Vulnerabilities are remediated and any residual risk is managed appropriately.
Customer and Colleague feedback.
Recognised as an Information Security SME.
Continuous personal development.
Fulfilling personal objectives.

What I need to know
An Information Security qualification, e.g. CISSP or CISM, CISA or CEH or equivalent, desirable but not essential.
Computer Science degree and/or MSc in Information Security desirable but not essential.
Working knowledge of different delivery methodologies including Waterfall, Agile and Hybrid.
Experience of risk management.
Knowledge and skills to manage Penetration Testing processes and remediation.
Has a broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management etc.
Proactively takes responsibility, owns any issues arising and follows through to resolve them, recognising how individual responsibility impacts team delivery, and inspires others to do the same.
Knowledge of OWASP vulnerabilities, tools and methodologies.
Knowledge of HTTP, SSDLC and Security Testing.
Some knowledge of PCI, DPA and ISO27001.

What I need to show
Ability to work with supervision and ensure projects deliver securely.
Ability to provide IT/IS Security assurance on projects, with a view to taking on complex projects after gaining the requisite experience.
Demonstrates knowledge of good security practice, ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
Knowledge of methods and techniques for risk management.
Experience of reviewing system design documentation, including Detailed Infrastructure Designs, Service Acceptance Criteria, Non-Functional Requirements etc.
Ability to think methodically and logically, with well-honed communication skills.
Works collaboratively with a range of people to support the Information Security and wider Business Strategies.

Resources available to me
Senior Information Security Analysts.
Wider team of colleagues assigned to information security management, structured into four functional areas, i.e. Standards & Compliance, Project Assurance, Security Testing and Security Operations.
Third Party contractors (as appropriate) to complete penetration testing of systems.
Security Product Owners, Security Architects, Technical Designers, various Working Groups including Customer, Colleague, Finance etc.
Industry and national bodies (as appropriate).

What decisions I can make
Approve the security aspects of solutions and technical designs.
Set the Non-Functional Requirements for a project.
Determine appropriate controls to remediate vulnerabilities.
Select the Gross and Net risk scores as part of the risk management process.
Significant freedom to contribute to team processes.